Critical infrastructure
Definitions Australia '''Critical infrastructure' is Brazil Critical infrastructure is European Union Critical infrastructure (CI) is Japan Critical infrastructure (CI) is United States Critical infrastructures (CI) are Overview Critical infrastructures (CI) (also referred to as critical national infrastructures or CNI) are physical or virtual systems and assets so vital to the nation that their incapacitation or destruction would: * cause catastrophic health effects or mass casualties comparable to those from the use of weapons of mass destruction, * impair Federal departments and agencies' abilities to perform essential missions or ensure the public's health and safety, * undermine State and local government capacities to maintain order and deliver minimum essential public services, * damage the private sector's capability to ensure the orderly functioning of the economy . . . . * have a negative effect on the economy through the cascading disruption of other critical infrastructure, * or undermine the public's morale and confidence in our national economic and political institutions.White House, Homeland Security Presidential Directive 7, Critical Infrastructure Identification, Prioritization, and Protection (Dec. 17, 2003). A more general definition is given in statute (Pub. L. No. 107-71, §1016): ". . . systems and assets, physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health and safety, or any combination of those matters." Critical infrastructures underpin the security of the U.S.'s national wealth, defense capability, economic prosperity of its people, and, above all, the maintenance of the system of human rights and individual freedoms for which the United States was founded. The threat of infrastructure attacks therefore has the potential for strategic damage to the United States. Critical infrastructures increasingly integrate information using hardware and software that interoperate over the Internet and depend on the IT infrastructure. Vast amounts of information are collected and shared within government and throughout the private sector using interdependent physical and IT infrastructure. Critical distributed information resources and Web services that support operations must be protected against inappropriate access and malicious attack. In May 1998, Presidential Decision Directive 63 (PDD-63) established critical infrastructure protection as a national goal and presented a strategy for cooperative efforts by the government and the private sector to protect the physical and cyber-based systems essential to the minimum operations of the economy and the government. Among other things, this directive encouraged the development of information sharing and analysis centers (ISAC) to serve as mechanisms for gathering, analyzing, and disseminating information on cyber infrastructure threats and vulnerabilities to and from owners and operators of the sectors and the federal government. Critical infrastructure sectors There are 18 critical infrastructure sectors: agriculture and food, banking and finance, chemical, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, government facilities, information technology, national monuments and icons, nuclear reactors, materials and waste, postal and shipping, public health and health care, transportation systems, and water. These systems and assets are essential to the operations of the economy and the government. Cyberspace is their nervous system — the control system of our country. Cyberspace is composed of hundreds of thousands of interconnected computers, servers, routers, switches, and fiber optic cables that allow the critical infrastructures to work. The healthy functioning of cyberspace is essential to the U.S. economy and national security. Disruptions Disruptions can be caused by any number of factors: poor design, operator error, physical destruction due to natural causes, (earthquakes, lightning strikes, etc.) or physical destruction due to intentional human actions (theft, arson, terrorist attack, etc.). Disruption of any infrastructure is always inconvenient and can be costly and even life-threatening. Major disruptions could lead to major losses and affect national security, the economy, and the public good. Over the years, operators of these critical infrastructures have taken measures to guard against, and to quickly respond to, many of these threats, primarily to improve reliability and safety. However, the terrorist attacks of September 11, and the subsequent anthrax attacks, demonstrated the need to reexamine protections in light of the terrorist threat, as part of an overall critical infrastructure protection policy.Besides loss of life, the terrorist attacks of September 11 disrupted the services of a number of critical infrastructures (including telecommunications, the Internet, financial markets, and air transportation). In some cases, protections already in place (like off-site storage of data, mirror capacity, etc.) allowed for relatively quick reconstitution of services. In other cases, service was disrupted for much longer periods of time. Threats ::: The U.S. government has identified multiple sources of threats to our nation’s critical infrastructure, including foreign nation states engaged in information warfare, domestic criminals, hackers, virus writers, and disgruntled employees working within an organization. In addition, there is concern about the growing vulnerabilities to our nation as the design, manufacture, and service of information technology have moved overseas. Statement of the Director of National Intelligence before the Senate Select Committee on Intelligence, Annual Threat Assessment of the Director of National Intelligence for the Senate Select Committee on Intelligence (Feb. 5, 2008). For example, according to media reports, technology has been shipped to the United States from foreign countries with viruses on the storage devices.Robert McMillan, “Seagate Ships Virus-Laden Hard Drives,” InfoWorld (Nov. 12, 2007).http://www.infoworld.com/article/07/11/12/Seagate-ships-virus-laden-hard-drives_1.html All critical infrastructures are increasingly dependent on information and communications. The most important impact and vulnerability for this sector is the increasing interdependency of the Public Telephone Network (PTN) and the Internet. The Internet depends heavily on the PTN. The PTN, in turn, depends on electrical power for operations and on telephone lines and fiber optic cables that often run along transportation routes. The PTN is increasingly software driven, and remotely managed and maintained through computer networks. Deregulation of the telecommunications industry has had a markedly increase the number of access points, increasing opportunities for attacks. U.S. authorities are concerned about the prospect of combined physical and cyber attacks, which could have devastating consequences. For example, a cyber attack could disable a security system in order to facilitate a physical attack. "Of growing concern is the cyber threat to critical infrastructure. This infrastructure provides essential services such as energy, telecommunications, water, transportation, and financial services and is increasingly subject to sophisticated cyber intrusions that pose new risks. As information technology becomes increasingly integrated with physical infrastructure operations, there is increased risk for wide scale or high-consequence events that could cause harm or disrupt services upon which our economy and the daily lives of millions of Americans depend."Department of Homeland Security, The 2014 Quadrennial Homeland Security Review, at 40 (June 18, 2014) (full-text). References See also * Critical infrastructure and key resources * Critical Infrastructure Assurance Office * Critical Infrastructure Assurance Officer * Critical Infrastructure Coordination Group * Critical infrastructure information * Critical Infrastructure Information Act of 2002 * Critical Infrastructure Outreach and Partnership program * Critical infrastructure owner and operator * Critical Infrastructure Partnership Advisory Council * Critical infrastructure protection * Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems * Critical Infrastructure Protection: Current Cyber Sector-Specific Planning Approach Needs Reassessment * Critical Infrastructure Protection: Cybersecurity Guidance Is Available, but More Can Be Done to Promote Its Use * Critical Infrastructure Protection: Key Private and Public Cyber Expectations Need to Be Consistently Addressed * Critical Infrastructure Protection: Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain * Critical Infrastructure Protection: Sector-Specific Plans/Coverage of Key Cyber Security Elements Varies * Critical Infrastructure Protection Committee * Critical Infrastructure Protection Cybersecurity program * Critical Infrastructure Resiliency * Critical Infrastructure Working Group * Cybersecurity: Continued Attention Needed to Protect Our Nation's Critical Infrastructure * Legacy critical infrastructures * Networked critical infrastructures * Protected Critical Infrastructure Information Category:Technology Category:Security Category:Definition